数据库被未知人员将数据误操作,领导要查找出次人员,故而采用日志挖掘功能
1、将归档日志和在线redo拼接成SQL命令
select q'[exec dbms_logmnr.add_logfile(']'||name||q'[');]'
from v$archived_log
where name is not null
and trunc(first_time) =date '2015-6-24'
order by next_time desc;
select q'[exec dbms_logmnr.add_logfile(']'||member||q'[');]'
from v$logfile;
2、开启数据库的附加日志功能
如未开启则查不到更改人的session具体信息(主机名等),并且只对开启附加日志功能后变更的数据有效。
select supplemental_log_data_min from v$database;
alter database add supplemental log data;
3、执行dbms_logmnr包,添加日志并开启日志挖掘功能
exec dbms_logmnr.add_logfile('+DG_ARCHIVE/ctcs3e/archivelog/2015_06_25/thread_2_seq_26503.1595.883308175');
...
exec dbms_logmnr.start_logmnr(options=>dbms_logmnr.dict_from_online_catalog);
4、查找出问题所在,并关闭日志挖掘功能
select * from v$logmnr_contents where ROW_ID='AAAbL1ADXAAErGVAAI';
exec dbms_logmnr.end_logmnr;